CVE-2025-46804 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	This is a minor information leak when running Screen with setuid-root privileges that is found in older Screen versions, as well as in version 5.0.0. The code in screen.c starting at line 849 inspects the resulting SocketPath with root privileges, and provides error messages that allow unprivileged users to deduce information about the path that would otherwise not be available. An easy way to achieve this is by using the SCREENDIR environment variable.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2862	screen	5.0.0-2	5.0.0-3	High	Fixed

Date	Advisory	Group	Package	Severity	Type
13 May 2025	ASA-202505-1	AVG-2862	screen	High	multiple issues

References
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30